Basic authentication without browser login window

I have a problem with basic windows authentication in IIS6. As a developer
I'm requested to implement windows authentication on my web application
(asp.net), but to avoid the browser login window. I have all the users in
Active Directory and this is not an intranet system. I've tried a few
techniques to achieve my goal:

1. ISAPI filter is the most flexible option, but I'm looking for something
simpler.
2. Impersonation fails in maintaining the credentials between different
requests. I can impersonate to the user using the token return by the logon
function, but when redirecting to the next page, the user credentials are
not kept.
3. I tried using http://username:passowrd@server/site/page.ext. This works
fine (secured only when implementing SSL) but Microsoft is dropping this
method, and IE6 does not support it in its new versions (support can be
activated by a key in the registry but I have no access to the clients
stations).

After I logon to AD using the user credentials entered in my custom asp.net
login form, I have the user's token. The only missing part is how to pass
this token to the browser token cache.

Advertisements

¤ Hello,
¤
¤ I have a problem with basic windows authentication in IIS6. As a developer
¤ I'm requested to implement windows authentication on my web application
¤ (asp.net), but to avoid the browser login window. I have all the users in
¤ Active Directory and this is not an intranet system. I've tried a few
¤ techniques to achieve my goal:
¤
¤ 1. ISAPI filter is the most flexible option, but I'm looking for something
¤ simpler.
¤ 2. Impersonation fails in maintaining the credentials between different
¤ requests. I can impersonate to the user using the token return by the logon
¤ function, but when redirecting to the next page, the user credentials are
¤ not kept.
¤ 3. I tried using http://username:passowrd@server/site/page.ext. This works
¤ fine (secured only when implementing SSL) but Microsoft is dropping this
¤ method, and IE6 does not support it in its new versions (support can be
¤ activated by a key in the registry but I have no access to the clients
¤ stations).
¤
¤ After I logon to AD using the user credentials entered in my custom asp.net
¤ login form, I have the user's token. The only missing part is how to pass
¤ this token to the browser token cache.
¤
¤ Does anyone have any suggestion?
¤

Share This Page

Welcome to The Coding Forums!

Welcome to the Coding Forums, the place to chat about anything related to programming and coding languages.

Please join our friendly community by clicking the button below - it only takes a few seconds and is totally free. You'll be able to ask questions about coding or chat with the community and help others.
Sign up now!